John said:
----------
]]
] > Are you just talking about D-MD, or Digest Auth for
] > Proxy-Authentication and Proxy-Authorization as well?
] >
]
] Digest-MessageDigest has been part of the draft since its very early
] versions. It has limitations. I don't think we are in a position
] to either remove it or overcome its limitations. The new nextnonce
] field seems to me to be a useful addition which is is a very modest
] change and not likely to lead to any unpleasant surprises. I also
] agree with Paul that there is not much reason to keep the user, nonce
] and realm fields. In the fullness of time we can and will create
] stronger ways of dealing with authentication, proxies, headers, etc.
]
] I propose that the D-MD section of this draft be:
]
[omitted]
The problem is, this is broken when a proxy is involved. I don't care
if you enhance the section along the lines of my suggestions, but it
has to work when proxies are involved, otherwise huge numbers of
clients can't use digest auth -- perhaps even the majority of users in
the near future.
Paul